Openvpn in the TP-LINK WR841N[D]

Hi folks,
Here comes a post to improve that great router from TP-LINK.
Of course, I suppose you’re running openwrt on it to use the whole power of it.
The 1st I saw was that you have available a plenty set of packages… but you don’t have enough ROM to install them :-P
Inspecting a bit, I saw that under /tmp you have a “lot” of free space! (about 14MB), that will be enough to allow run openvpn without problems.
The main problem? Its a ramdisk, so each boot, everything there disappears.
What I’ve done? Install the basics with opkg and wget on boot the rest ;-)


To have the correct environment running, first, install that 3 packages:

opkg install kmod-tun
opkg install liblzo
opkg install libopenssl

If you have a “clean” openwrt, you’ll have enough diskspace for them and its dependencies.
Then create the openvpn config folder inside the ROM memory:

mkdir /etc/openvpn

And import there your openvpn config files+certificates wathching any path reference :-P

You’ll have to change the --config ciberterminal.conf inside my script with the name of your config file!

Then create the init script:

vi /etc/init.d/openvpn

and import my script:

#!/bin/sh /etc/rc.common
# Copyright (C) 2013


start() {                                                                                                          
    local TMPPATH=/tmp/openvpn
    [ ! -d ${TMPPATH} ] && mkdir ${TMPPATH}
    cd ${TMPPATH}
    opkg update || exit 1
    tar xzf $(opkg download openvpn | grep Downloaded | cut -d\  -f4 | sed '$s/.$//')
    tar xzf data.tar.gz                                                                                                         
    rm -f pkg.tar.gz data.tar.gz control.tar.gz debian-binary                                                     
    ${TMPPATH}/usr/sbin/openvpn  --writepid /tmp/ --daemon --cd /etc/openvpn --config ciberterminal.conf 
stop() {
    PIDOF=$(ps | egrep openvpn | egrep  -v grep | awk '{print $1}')
    kill ${PIDOF}

And give it permissions:

chmod 755 /etc/init.d/openvpn

You’ll be able to set it up in the Luci webUI as the rest of the services, or run it manually (for debugging), as always with:

/etc/init.d/openvpn start

This howto is not compatible with old versions of the WR841N[D] which only has 700kbs of rom.

15 thoughts on “Openvpn in the TP-LINK WR841N[D]

  1. Thank you for this!
    A suggestion for the init.d script: Instead of downloading via wget, use opkg to get the file. Also assigning the PKG variable twice doesn’t make much sense IMO. Anyway, here’s my modification:

    Replace the lines with “PKG=…”, “wget -O” and the first line that says “tar xzf pkg.tar.gz” (4 lines in toal) with:
    [cc lang=”bash”]
    opkg update || exit 1
    tar xzf $(opkg download openvpn | grep Downloaded | cut -d\ -f4 | sed ‘$s/.$//’)

    First line makes sure opkg is up to date + you have a working internet connection.
    Second line downloads the ipkg package and gives you its filename via the grep/cut/sed pipe, then extracts it with tar right away.
    Rest of your script stays untouched

  2. btw, there is supposed to be TWO spaces after the backslash and before the -f4 in my code. apparently it was removed automatically

    – – – – – – – – – – – – – – –
    Create a custom build that includes OpenVPN (*** BUT WITHOUT THE LUCI WEBINTERFACE***) (requires a Linux system). No webinterface because of limited space on the TL WR841N(D). OpenWRT is easy enough to configure using UCI. –>
    I find this more convenient because you usually only configure it once and it doesn’t need to load an essential package every time it boots. Effectively, it doesn’t need to load anything.

    HOW TO (roughly):
    Get the ImageBuilder file from
    + necessary packages to compile everything. For details check

    Generate image using the make command. Pay attention to the selected packages here:
    [cc lang=”bash”]
    make image PROFILE=TLWR841 PACKAGES=”kmod-tun liblzo libopenssl openvpn-openssl wol etherwake dnsmasq dropbear firewall iptables iw kernel kmod-ath kmod-ath9k kmod-ath9k-common kmod-cfg80211 kmod-crypto-aes kmod-crypto-arc4 kmod-crypto-core kmod-gpio-button-hotplug kmod-ipt-conntrack kmod-ipt-core kmod-ipt-nat kmod-ipt-nathelper kmod-leds-gpio kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer kmod-ledtrig-usbdev kmod-lib-crc-ccitt kmod-mac80211 kmod-nls-base kmod-ppp kmod-pppoe kmod-pppox kmod-tun libc libgcc libip4tc libiwinfo liblzo libnl-tiny libopenssl libubox libubus libuci libxtables mtd netifd -opkg ppp ppp-mod-pppoe swconfig ubus ubusd uci wpad-mini zlib ntpdate curl”
    NOTE: OpenVPN might require valid system time (or else you’ll get a certificate error), hence I added the ntpdate package. There is other ways but adding “ntpdate -u ” to the crontabs and to /etc/rc.local will do the trick.

    A “minus” in front of the package means it was explicitly deselected.
    Using above packages, the image will NOT include the opkg package manager but there won’t be much space left on the device anyway (less than 100K for me). You can play around with it and maybe kick out stuff like the PPPoE and curl packages, but from my experience you won’t gain much free space, certainly not enough for the whole LUCI webinterface.

    IMPORTANT! Make sure you keep the essential packages so you don’t brick your router. Only way to unbrick is to solder a TTL to USB cable to your router board (which is a good idea anyhow).

    After running the make command, firmware files can be found in the “bin/ar71xx” directory. In case of a WR841N v8 this would be “openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-sysupgrade.bin”.
    IMPORTANT! Make sure the image file size does not exceed 3670020 bytes. Anything above that made the /overlay filesystem use RAM and hence any changes you make will be lost after a reboot.
    If the file gets too big you might even brick you router.

    First time accessing your router:
    [cc lang=”bash”]
    Use “passwd” to set a password for the root account. After that, telnet will get disabled and you can access it using SSH.

    Flashing an image manually (no webinterface):
    If you want to flash an image without the webinterface, you will have to do it manually.
    Telnet / SSH into your device and place your the new image file in the /tmp folder (no space anywhere else).
    [cc lang=”bash”]
    mtd -r -e firmware write MyImageFile.bin firmware

    As mentioned before, it is a good idea to have a TTL/ Serial connection in case you brick your router. For more details see:
    It’s a good idea to check out all the links I’ve put here and study them well BEFORE you try anything.

  4. Hi man!
    Yes, this will be a really nice solution (the best).
    But I didn’t want to rebuild the openwrt firmware, is a headache every-time I begin a “project” like that xD
    I think that the best option will be that openwrt community build the images without luci, you’re supposed to easily install it if you really need it.
    I really appreciate Luci cause my network configuration is not the usual one ;-) and it helped me a lot.
    Anyway, I actually have an unused wr841 and I will try to build the fw without Luci.

    PS: if you want some hosting space to share your firmware with all of us, I can provide it :-)

  5. Hello,
    thanks for the info.
    2 questions:

    1-. to be cleared to make space?
    2-. How to configure openVPN client on this router?

  6. Hi!
    I can’t undestand question #1, sorry, explain a bit more.
    #2: Is not the main post clear enough?? If you have an specific question, please tell me :-)

  7. Hello
    We have followed all the steps in your tutorial.
    And now we want to use OpenVPN on router tp-Link-WR841N like OpenVPN client. No Server.
    And we don’t know how to configure it and where we have to put the connection files in the OpenVPN client on the router TP-Link WR841N
    Note: These files has been generated on the OpenVPN server
    The other question is regarding the comment of yours, it is necessary to delete content onthe tp-link router WR841N for space.
    What is to delete exactly?

  8. Hi!
    I have BARRIER BREAKER (14.07, r42625) firmware.
    When I try to install kmod-tun:
    root@OpenWrt:~# opkg install kmod-tun

    I get:
    Unknown package ‘kmod-tun’.
    Collected errors:
    * opkg_install_cmd: Cannot install package kmod-tun.

    Need help please!

  9. I have an wr841nd v9 with DDWRT, and there is only PPTP.
    But i need a OpenVPN Client. Works this on DDWRT?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.